Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/236610-2448-423b-9bca-268ced8435b5/1/nJ8nX92KD7tMIT9vc1xg_Q4L7Ak.roa
File:                     nJ8nX92KD7tMIT9vc1xg_Q4L7Ak.roa (raw, json)
Hash identifier:          PDcnfd6ylBEVTr20UAehex+Bjeh/URx3LCaxfLFBs70=
Subject key identifier:   9C:9F:27:5F:DD:8A:0F:BB:4C:21:3F:6F:73:5C:60:FD:0E:0B:EC:09
Certificate issuer:       /CN=ec4d0394084f7e4062609728f4d4d57b06455a56
Certificate serial:       018CC6B8F6D108DF6121639FA303C126F455
Authority key identifier: EC:4D:03:94:08:4F:7E:40:62:60:97:28:F4:D4:D5:7B:06:45:5A:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E0DlAhPfkBiYJco9NTVewZFWlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/236610-2448-423b-9bca-268ced8435b5/1/nJ8nX92KD7tMIT9vc1xg_Q4L7Ak.roa
Signing time:             Mon 01 Jan 2024 20:30:59 +0000
ROA not before:           Mon 01 Jan 2024 20:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2635
IP address blocks:        185.138.28.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/236610-2448-423b-9bca-268ced8435b5/1/7E0DlAhPfkBiYJco9NTVewZFWlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/236610-2448-423b-9bca-268ced8435b5/1/7E0DlAhPfkBiYJco9NTVewZFWlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E0DlAhPfkBiYJco9NTVewZFWlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f6:d1:08:df:61:21:63:9f:a3:03:c1:26:f4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4d0394084f7e4062609728f4d4d57b06455a56
        Validity
            Not Before: Jan  1 20:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c9f275fdd8a0fbb4c213f6f735c60fd0e0bec09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:25:61:05:14:ce:d2:24:41:d5:46:fd:6e:83:
                    e7:31:52:8e:a0:3d:87:79:b0:b8:a9:48:7d:ce:43:
                    0c:50:10:26:d1:3b:26:cc:d3:db:92:9f:4c:d4:07:
                    53:a2:2b:01:b3:66:d3:4d:3e:68:70:3e:91:7e:ef:
                    2a:c1:b9:d5:b5:3b:89:d5:7e:87:11:1e:9f:e6:62:
                    07:56:47:4a:85:75:34:d3:98:9d:3b:9a:13:94:8b:
                    c3:d2:15:50:b7:19:b6:d0:11:45:55:03:68:65:ba:
                    7c:f0:c9:f6:cc:04:4c:06:cc:42:ee:2f:d5:a7:50:
                    44:40:2e:a5:13:28:e3:bd:d8:5c:58:2e:e9:46:2b:
                    e5:49:f5:1a:45:10:3c:6b:96:70:24:26:fc:c3:43:
                    6c:b6:58:80:6f:61:ad:c2:c8:d4:5c:86:f4:13:4b:
                    01:41:a7:44:d9:35:47:1d:78:5a:f5:67:a1:e1:c5:
                    1d:da:f2:b9:40:af:c6:3d:74:84:09:fb:85:c8:45:
                    04:3d:c5:82:90:e6:1a:f0:7a:8e:57:01:14:49:ab:
                    d8:09:ef:0a:46:3d:5d:65:79:11:7e:a2:15:b7:17:
                    43:78:eb:92:43:11:7e:c6:ab:20:63:3a:0c:da:d9:
                    e3:7e:e4:80:9d:d7:72:a4:1f:b1:d4:08:a1:04:43:
                    eb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:9F:27:5F:DD:8A:0F:BB:4C:21:3F:6F:73:5C:60:FD:0E:0B:EC:09
            X509v3 Authority Key Identifier:
                keyid:EC:4D:03:94:08:4F:7E:40:62:60:97:28:F4:D4:D5:7B:06:45:5A:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E0DlAhPfkBiYJco9NTVewZFWlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/236610-2448-423b-9bca-268ced8435b5/1/nJ8nX92KD7tMIT9vc1xg_Q4L7Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/236610-2448-423b-9bca-268ced8435b5/1/7E0DlAhPfkBiYJco9NTVewZFWlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:1f:74:d2:cc:2a:ae:0e:3e:24:d4:66:69:be:fc:98:cd:12:
         f9:4a:71:57:60:d5:78:7d:72:b2:81:c6:18:c0:d3:fe:f1:c4:
         80:c9:51:7c:28:ec:18:b5:f1:c6:7a:33:1e:a4:74:75:e6:ec:
         e4:ac:8d:81:a5:0f:6a:c0:30:5d:4b:3a:84:3b:1c:42:46:84:
         b1:c5:df:d5:f5:47:09:b2:63:2a:af:d2:ab:d9:d4:64:ff:2d:
         a7:0e:ac:68:e2:dd:38:b6:95:4a:7f:ba:7d:3b:bf:0e:d7:2e:
         fb:56:68:5c:b3:38:e2:98:a7:38:1d:18:bd:5d:4f:55:de:bc:
         82:47:cb:33:a2:06:54:4a:6e:10:5f:b5:82:61:72:69:62:17:
         1f:42:9a:7c:53:24:37:c5:a0:81:1d:7f:53:28:85:e5:6b:5b:
         87:01:54:69:29:57:3c:47:d0:bf:34:8f:34:4c:d3:02:21:c2:
         64:fc:68:36:6a:94:f6:ad:d2:d5:79:4a:eb:e3:6c:51:a5:31:
         fa:6e:84:08:c6:f4:76:d6:08:56:9e:0d:5f:c5:2c:5f:3a:2e:
         1f:c1:20:e9:12:4a:22:65:74:d3:a2:e3:98:9f:20:a6:b8:c4:
         72:26:4c:1b:37:bc:ae:48:8c:72:88:30:0d:d5:39:be:23:b7:
         54:c6:98:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPbRCN9hIWOfowPBJvRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGQwMzk0MDg0ZjdlNDA2MjYwOTcyOGY0ZDRkNTdiMDY0
NTVhNTYwHhcNMjQwMTAxMjAzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzlmMjc1ZmRkOGEwZmJiNGMyMTNmNmY3MzVjNjBmZDBlMGJlYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyVhBRTO0iRB1Ub9boPnMVKOoD2H
ebC4qUh9zkMMUBAm0TsmzNPbkp9M1AdToisBs2bTTT5ocD6Rfu8qwbnVtTuJ1X6H
ER6f5mIHVkdKhXU005idO5oTlIvD0hVQtxm20BFFVQNoZbp88Mn2zARMBsxC7i/V
p1BEQC6lEyjjvdhcWC7pRivlSfUaRRA8a5ZwJCb8w0NstliAb2GtwsjUXIb0E0sB
QadE2TVHHXha9Weh4cUd2vK5QK/GPXSECfuFyEUEPcWCkOYa8HqOVwEUSavYCe8K
Rj1dZXkRfqIVtxdDeOuSQxF+xqsgYzoM2tnjfuSAnddypB+x1AihBEPr0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyfJ1/dig+7TCE/b3NcYP0OC+wJMB8GA1UdIwQY
MBaAFOxNA5QIT35AYmCXKPTU1XsGRVpWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0UwRGxBaFBma0JpWUpjbzlOVFZld1pGV2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8yMzY2MTAtMjQ0OC00MjNiLTliY2Et
MjY4Y2VkODQzNWI1LzEvbko4blg5MktEN3RNSVQ5dmMxeGdfUTRMN0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8yMzY2MTAtMjQ0OC00MjNiLTliY2EtMjY4Y2VkODQzNWI1
LzEvN0UwRGxBaFBma0JpWUpjbzlOVFZld1pGV2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYocMA0G
CSqGSIb3DQEBCwUAA4IBAQBFH3TSzCquDj4k1GZpvvyYzRL5SnFXYNV4fXKygcYY
wNP+8cSAyVF8KOwYtfHGejMepHR15uzkrI2BpQ9qwDBdSzqEOxxCRoSxxd/V9UcJ
smMqr9Kr2dRk/y2nDqxo4t04tpVKf7p9O78O1y77VmhcszjimKc4HRi9XU9V3ryC
R8szogZUSm4QX7WCYXJpYhcfQpp8UyQ3xaCBHX9TKIXla1uHAVRpKVc8R9C/NI80
TNMCIcJk/Gg2apT2rdLVeUrr42xRpTH6boQIxvR21ghWng1fxSxfOi4fwSDpEkoi
ZXTTouOYnyCmuMRyJkwbN7yuSIxyiDAN1Tm+I7dUxpin
-----END CERTIFICATE-----